gregorbednov/empty.nix
gregorbednov/empty.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

modified: configuration.nix

Browse source
This commit is contained in:
Gregory Bednov 2026-01-30 12:22:53 +03:00
commit 69364bc04b
1 changed files with 89 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

146
configuration.nix
View file

@ -1,99 +1,131 @@
{
lib,
config,
pkgs,
simintech,
#simintech,
stm32cubemx,
packettracer7,
inputs,
...
}:
let
serverIP = "10.0.174.12";
buildNodeYggIP = "200:ccc6:1361:5c84:aba0:1244:35f5:c903";
hasBootPartition = config.fileSystems ? "/boot";
isNvidia = (builtins.readFile (pkgs.runCommandLocal "isNvidia" {} ''
${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out
'')) != "";
isNvidia =
(builtins.readFile (
pkgs.runCommandLocal "isNvidia" { } ''
${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out || true
''
)) != "";
in
{
users.users.student = {
isNormalUser = true;
initialPassword = "student"; # вход беспарольный, но пароль student
extraGroups = [ "video" "sound" "input" "storage" ];
packages = [];
extraGroups = [
"video"
"sound"
"input"
"storage"
"dialout"
];
};
imports = [ ./hardware-configuration.nix ];
# если машина установлена на диск с Windows,
# то она позволяет "увидеть" и выбрать Windows в течение 30 с
# иначе - 5 c таймаута (для виртуалок)
boot.loader = if hasBootPartition then {
efi.canTouchEfiVariables = true;
timeout = 30;
grub = {
enable = true;
efiSupport = true;
device = "nodev";
useOSProber = true;
theme = "${pkgs.sleek-grub-theme.override{ withStyle = "orange"; withBanner = "Выберите ОС"; }}";
};
} else {
timeout = 5;
grub = {
enable = true;
device = "/dev/sda";
theme = "${pkgs.sleek-grub-theme.override{ withStyle = "orange"; withBanner = "Загрузчик Linux"; }}";
};
programs.tmux = {
enable = true;
withUtempter = true;
historyLimit = 5000;
clock24 = true;
};
boot.loader =
if hasBootPartition then
{
efi.canTouchEfiVariables = true;
timeout = 30;
grub = {
enable = true;
efiSupport = true;
device = "nodev";
useOSProber = true;
theme = "${pkgs.sleek-grub-theme.override {
withStyle = "orange";
withBanner = "Выберите ОС";
}}";
};
}
else
{
timeout = 5;
grub = {
enable = true;
device = "/dev/sda";
theme = "${pkgs.sleek-grub-theme.override {
withStyle = "orange";
withBanner = "Загрузчик Linux";
}}";
};
};
time.hardwareClockInLocalTime = hasBootPartition;
# настройки Nix
nixpkgs.config.allowUnfree = true;
nix.settings.auto-optimise-store = true;
nixpkgs.config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
nix.settings = {
extra-substituters = [ "http://nixos.builds.node" ];
trusted-public-keys = [ "nixos.builds.node:E/XNkcdzB0EyTyEJuOTXJH8qynxgCfQ87JHkbD88uF8=" ];
auto-optimise-store = true;
};
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
hardware.enableAllFirmware = true;
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
powerManagement.enable = true;
open = false;
nvidiaSettings = false;
};
boot.kernelParams = if isNvidia then [ "nvidia-drm.modeset=1" ] else [ ];
boot.blacklistedKernelModules = if isNvidia then [ "nouveau" ] else [ ];
boot.extraModprobeConfig =
if isNvidia then
"options nvidia "
+ lib.concatStringsSep " " [
"NVreg_UsePageAttributeTable=1"
"NVreg_EnablePCIeGen3=1"
"NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
]
else
"";
##### СЕТЕВЫЕ НАСТРОЙКИ #######
# каждый компьютер виден под уникальным именем через Avahi
services.avahi = {
hostName = "nixos"
+ builtins.readFile ((pkgs.runCommandLocal "uuid" {} ''
mkdir $out
cat /proc/sys/kernel/random/uuid > $out/uuid
'')+"/uuid");
services.yggdrasil = {
enable = true;
nssmdns4 = true;
openFirewall = true;
publish = {
enable = true;
hinfo = true;
workstation = true;
domain = true;
addresses = true;
persistentKeys = true;
settings = {
Peers = [ "tcp://${serverIP}:12345" ];
};
};
# каждый компьютер имеет выход в интернет
networking.networkmanager.enable = true;
networking.hostName = "nixos";
# каждый компьютер ресолвит DNS-запросы СТРОГО через наш сервер
networking.nameservers = [ serverIP ];
networking.firewall.allowedTCPPorts = [ 22 ] ++ lib.optionals config.services.harmonia.enable [ 80 ];
# каждый компьютер знает, что kafpi.local - это адрес нашего сервера
networking.hosts."${serverIP}" = [ "kafpi.local" ];
#### ЛОКАЛИЗАЦИЯ #####
networking.hosts."${buildNodeYggIP}" = [ "nixos.builds.node" ];
time.timeZone = "Europe/Moscow";
i18n.defaultLocale = "ru_RU.UTF-8";
console = {
font = "cyr-sun16";
useXkbConfig = true;
};
####### ПРОЧИЕ НАСТРОЙКИ #######
environment.systemPackages = with pkgs; [
vim
tree
@ -101,11 +133,11 @@ in
git
];
# удаленный доступ в пределах нашей сети
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyBYo/E/FkFZVABzMixLS2TWaipfN5T24y8f+E6Px1t+IG8PLnQ38dLJiCR8k971DOycLuJUfKWsC06BK3XLWTO0+PmpfGKNT4NI6dwP2REl/umaignP/QQSs2w9Ff49WqPjIYTSmATTsCNZSVB0VtM0eJ+Y9Ff4CXb1frtt4GYztk6XB3jc3TxV72qzB0g6DqrHkf6pT5YAq2UeuFGZYSZCqBvVXCGcvKHkO1KBubuo95itVA5XbzK3INQTZpQowbtK4ULhUYlaGBcX5tYq1bdiTCDlTcLt6MfxYfFHSFiHbJOzdGPd+mXM7urOQhq49uQOf07dHt9qAzQHajItQb+X3FOgyFt4n6Y9Q37gn/6KC3PH1zClldq9DtgttuG/Xk15q+uvCldji9YIgb80aRHBIp6DY8PlYodmGGesBLiBMGQ7hgKupfkqszjfMkxnMYIkZodUCQVgaqsxsEQ7lD84JJMgBY8HkNLxKhy+6dP6kTc4vTtrpjezq/Ph95PFE= bednov@kafpi-108-1-mainserver2" ];
# НЕ МЕНЯТЬ, иначе придётся все компы переустанавливать, а не обновлять
system.stateVersion = "24.05";